These are Ansible playbooks (scripts) for managing an Open Food Network app server. This is not for your local development environment. Head to the OFN getting started guide to run the OFN locally.
See the wiki for more information, including: additional setup, configuring, provisioning and deployment.
For deploying OFN versions below v4.x.x, please use the ofn-v3 branch of this repo.
These playbooks will install the Open Food Network app onto a server running an apt-compatible OS like Debian or Ubuntu. It has currently been tested on Ubuntu 16.04 and 18.04 (64 bit) on AWS, DigitalOcean and Scaleway cloud servers.
The playbooks take information from the inventory. Make sure that your host's information is up to date before running a playbook.
These are the main playbooks. See inside each for more details.
- setup.yml: Use a root login to ensure python is installed and create a default user (defined in inventory/group_vars/all.yml) on the server for installation (mandatory the first time you provision a server).
- provision.yml: Install and configure all required software on the server (requires secrets, see below).
- deploy.yml: Deploy OFN to the server by copying a git repo to the server and using ruby/rake/rails tasks to configure and migrate.
- backup.yml: Back up database and image files on the server to the local machine.
- rollback.yml: Roll back the database and codebase to the previous version.
You may want to use the Ansible option --check (check mode) to do a dry run of the playbooks. With this option, Ansible will run the playbooks, but not actually make changes on the server.
- Fork the ofn-install repository.
- Clone the forked copy:
git clone https://github.com/<your-namespace>/ofn-install.git
It's recommended you set up your Python environment using Pyenv.
- Install and configure pyenv
- Install and configure pyenv-virtualenv
- Install the required Python version:
$ pyenv install 3.8.2
- Create the virtualenv:
$ pyenv virtualenv 3.8.2 ofn-install
You will need to install Ansible, alongside other dependencies, on your machine to run the playbooks. You can do so with:
pip install -r requirements.txt
Some playbooks require third-party roles, which are specified in bin/requirements.yml. You can install them with the included script:
$ bin/setup
Some tasks require host-specific secrets, and will show an error if they haven't been provided. These can change from time to time, so always ensure you have the latest before provisioning.
Secrets can be provided with a parameter like so:
ansible-playbook playbooks/provision.yml --limit=au_staging -e "@../ofn-secrets/au_staging/secrets.yml" --ask-vault-pass
If you have access to the ofn-secrets repository, you can fetch them with the fetch_secrets.yml playbook. The secrets for each host will be loaded into the relevant directory in inventory/host_vars/, then you can go ahead and provision. See the readme for more tips on setup.
ansible-playbook playbooks/fetch_secrets.yml && ansible-playbook playbooks/provision.yml
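A pre-flight check you can run on a secrets file before passing it with -e "@...". This is an added example, not part of ofn-install; it assumes the file is protected with ansible-vault (as --ask-vault-pass implies), either as a whole file or per variable, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from ofn-install): check that a secrets file holds
# nothing readable without the vault password. Function names are hypothetical.

# Print "vault" if the whole file is ansible-vault encrypted, else "plain".
vault_state() {
  local first=""
  IFS= read -r first < "$1" || true
  case "$first" in
    '$ANSIBLE_VAULT;'*) echo vault ;;
    *) echo plain ;;
  esac
}

# For a file that is not wholly encrypted, list top-level keys whose value
# is not an inline "!vault |" scalar. Heuristic: only top-level keys are
# inspected, so a nested mapping is reported by its parent key.
cleartext_keys() {
  awk '/^[A-Za-z_][A-Za-z0-9_]*:/ {
         key = $1; sub(/:.*/, "", key)
         if ($0 !~ /^[^:]*:[ \t]*!vault[ \t]*[|]/) print key
       }' "$1"
}

# Exit status: 0 = everything is vault-protected, 1 = clear-text keys found,
# 2 = file missing or unreadable.
check_secrets_file() {
  local f=$1 keys
  [ -r "$f" ] || { echo "missing: $f" >&2; return 2; }
  [ "$(vault_state "$f")" = vault ] && return 0
  keys=$(cleartext_keys "$f")
  [ -z "$keys" ] && return 0
  echo "clear-text keys in $f:" $keys >&2
  return 1
}

# Stand-alone use: pass the path of the secrets file as the first argument.
if [ $# -gt 0 ]; then
  check_secrets_file "$1"
fi
```

A non-zero exit status means the file should be encrypted with ansible-vault before it is committed or shared.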
Run the ansible-lint checks using:
ansible-lint site.yml --exclude=community
This is also run in CI.
This repository doesn't manage additional security configuration. The private repository ofn-security is used for servers managed by the OFN team.